Installation guide

BlackBerry Enterprise Solution Security
Appendix E: Ephemeral AES encryption key derivation process
The BlackBerry device uses an ephemeral 256-bit AES encryption key to encrypt the content protection key and
the ECC private key. The BlackBerry device derives the ephemeral 256-bit AES encryption key from the
BlackBerry device password using the following process:
1. The BlackBerry device selects a 64-bit salt (random data to mix with the BlackBerry device password). This
is intended to keep two identical passwords from turning into the same key.
2. The BlackBerry device concatenates the salt, the password, and the salt again into a byte array
(Salt|Password|Salt).
3. The BlackBerry device hashes the byte array with SHA256.
4. The BlackBerry device stores the resulting hash in a byte array called (key):
   (key) = SHA256(Salt|Password|Salt)
5. The BlackBerry device hashes (key) 18 more times. It stores the result into (key) each time. For example, for
i=0 to 18, the BlackBerry device does the following:
   (key) = SHA256(key)
   i++
done
6. The final hash creates the ephemeral key.
See RSA Security PKCS #5 for more information.
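The derivation in steps 1 to 6, written out as an added Python example (not BlackBerry's own code). It assumes the password is encoded as UTF-8, which the appendix does not state, and it follows the prose count of 18 further hashes after the first one; the function names, the extra_rounds parameter and the sample password are hypothetical.

```python
import hashlib
import secrets

SALT_BYTES = 8      # step 1: 64-bit salt
EXTRA_ROUNDS = 18   # step 5: "18 more times" (assumption: the prose count is used)


def derive_ephemeral_key(password, salt=None, extra_rounds=EXTRA_ROUNDS):
    """Return (salt, key) for the process described in steps 1 to 6."""
    if isinstance(password, str):
        # Assumption: the appendix does not give the password encoding.
        password = password.encode("utf-8")
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt per derivation
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be exactly 64 bits (8 bytes)")

    # Steps 2 to 4: key = SHA256(Salt|Password|Salt)
    key = hashlib.sha256(salt + password + salt).digest()

    # Step 5: rehash the running value, overwriting key each time
    for _ in range(extra_rounds):
        key = hashlib.sha256(key).digest()

    # Step 6: the final 32-byte digest is the 256-bit AES key
    return salt, key


def salt_separates_keys(password):
    """Derive twice with fresh salts, then once more with the first salt.

    Returns (keys_differ, key_reproducible): identical passwords should give
    different keys under different salts, and the same key under the same salt.
    """
    salt_a, key_a = derive_ephemeral_key(password)
    salt_b, key_b = derive_ephemeral_key(password)
    _, key_a_again = derive_ephemeral_key(password, salt_a)
    return (salt_a != salt_b and key_a != key_b), key_a == key_a_again


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    salt, key = derive_ephemeral_key("constructed-password")
    print("salt:", salt.hex())
    print("key :", key.hex())
    print("differ / reproducible:", salt_separates_keys("constructed-password"))
```

The salt has to be kept alongside the encrypted data, because the same key can only be re-derived from the password together with the original salt.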